Stolen Account Info Zooms to Dark Web for 500K+ Zoom Users

April 16, 2020

Earlier this week, Mashable reported that over 500,000 Zoom users have had their account information compromised, and those details are now available on the Dark Web. The users affected range from average grandmas signing on for a virtual visit with the grandkids to big business clients like Citibank that could be handling sensitive data.

The compromised data includes the Zoom user’s email address, password, personal meeting URL, and host key. Zoom has dramatically increased in popularity for both personal and business use, but virtual meetings aren’t as safe as you might think. Cybercriminals can exploit stolen Zoom credentials in many ways.

  • Scammers who gain access to Zoom host keys can use them to create fake meeting invitations that look legitimate but are really infested with malware.
  • Zoom users who reuse their Zoom password for other applications could be giving the bad guys a tool that leads their company to a data breach.
  • Bad actors can use stolen credentials to drop in on Zoom meetings and steal data or proprietary information that’s being discussed or shared on screen.
  • Stolen host keys enable cybercriminals and troublemakers to access a user’s personal meeting rooms and cause disruption through “Zoombombing.”

So, what can you do to prevent this from being a problem for your company? Take these sensible precautions and adopt smart practices to make sure that cybercriminals can’t penetrate your cybersecurity defenses through Zoom or other virtual meeting software.

  • Invest in Dark Web monitoring. The best way to keep cybercriminals from using information about your company or staff that they’ve obtained illegally against you is to monitor the Dark Web vigilantly. Solutions like Dark Web ID alert you to the presence of your company’s information or data on the Dark Web, giving you a defensive edge.  
  • Create and enforce information and access security policies for virtual meetings. Lay out what can be discussed, what can be shared onscreen, where staffers can log in from, and what devices staffers can use for meetings as well as the security protocols that need to be followed. 
  • Refresh every staffer on potential vectors for phishing attacks and how to repel them using a training tool like BullPhish ID. If your company’s Zoom credentials have already been compromised, that information may be used by bad actors to mount spear phishing attacks.  
  • Reset all Zoom credentials, along with the logins for any other applications where users might have recycled those credentials. Password reuse is endemic in a world where everything needs a password. Add additional secure identity and access management protection with multifactor authentication through Passly to combat the dangers of password recycling.

We’ll all be out of quarantine eventually, but the business world will likely be changed forever by the convenience and cost savings that businesses are enjoying from remote meetings. Adopting good virtual meeting habits now to bolster cybersecurity will save companies from costly headaches down the road.